IT Security News Blast 7-14-2017

What hospitals using cloud storage should know about Verizon’s data breach

The cause of the breach? An employee unchecked a box, which made the database public. Amazon makes the default setting private for all cloud storage. […] These issues highlight the need for hospitals to exercise caution when uploading data to the cloud, as user error is a major issue. Cybercriminals — who make a living off these vulnerabilities and exposed databases — are constantly surveying the internet to find flaws and sell the data on the dark web.

In addition to reporting to OCR as soon as possible any breach of protected health information (PHI) affecting 500 or more individuals, OCR recommends in its checklist that a health care organization experiencing a cyberattack or similar emergency do the following:

Execute its response and mitigation procedures and contingency plans;

Report the crime to other law enforcement agencies; and

Report all cyber threat indicators to the appropriate federal and information-sharing and analysis organizations.

Water Research Foundation Launches Project on Resilient Water Infrastructure

In support of that overall aim, this project has the following objectives:

Establish a common definition for “resilient infrastructure” in the context of the water utility sector in the United States

Identify existing resources, ongoing efforts, best practices, and potential partner agencies or organizations addressing infrastructure resilience in the water sector, both in the United States and internationally

Identify and prioritize a set of targeted research needs and objectives to underpin the development of pragmatic tools and guidance for water utilities

McAuliffe is attending the National Governors Association summer meeting in Providence, which runs from Thursday to Saturday. […] The NGA says it is expecting more than 30 governors to attend. Scheduled topics of discussion include international trade, the opioid epidemic and cybersecurity, which McAuliffe has made a priority for the group.

More than half (57 percent) of IT security professionals work weekends and, on average, nearly a third (29 percent) work ten hours a day, the survey of 360 information security professionals found. But despite the overtime, nearly all (97 percent) said they still find their job rewarding and the vast majority (85 percent) said they plan to stay in security, the survey said.

A third of security professionals are unprepared for dealing with cyber threats

One in three security professionals lack effective intelligence to detect and action cyber threats, according to a new survey from threat intelligence platform Anomali. In addition 24 percent believe they are at least one year behind the average threat actor, with half of this sample admitting they are trailing by two to five years. Among other findings are that 17 percent of respondents haven’t invested in any threat detection tools such as SIEM, paid or open threat feeds, or User and Entity Behavior Analytics (UEBA).

The outcome was a loss for the White House, Defense Secretary Jim Mattis and other opponents who claim a new “Space Corps” equals more bureaucracy, but it was a win for lawmakers who warn the Air Force must be reorganized to catch up with China and Russia’s militarization of space. Space has become critical for the U.S. military with satellites used for navigation, protected communications, missile warning, surveillance and intelligence collection.

Cyber-strategies have now become indirect forms of coercion designed to weaken adversary resolve and create uncertainty, as well as undermine alliances or create political wedges. A growing number of states are using cyber-intrusions to wage psychological warfare and leak information with propaganda value. In addition to propaganda, states use cyber-operations to influence elections and conduct disruption operations. Russian interference in the elections of Western states has become so common it is now expected. But instead of just disrupting elections, Russia now seems to be leveraging cyberespionage and propaganda to generate larger crises.

“The idea of technical security cooperation with Russia is silly,” said Robert Knake, a senior fellow at the Council on Foreign Relations and former director for cybersecurity policy at the National Security Council during the Obama administration. On the other hand, “the idea of a working group on cybersecurity issues and restarting discussions with Russia and looking to put in place capabilities that might reduce conflict and improve communication is worthwhile,” he said.

Although President Trump walked his suggestion back 12 hours later, his tweets are indicative of the lack of seriousness he is giving this issue. It is just the latest example of him playing fast and loose with American foreign policy and our place in the world. That is why I have introduced an amendment to the defense authorization bill on the House floor this week and I am finalizing stand-alone legislation to affirmatively prevent the Trump administration from implementing any joint cooperation or coordination with Russia on matters of cybersecurity.

Russian hacker group ‘CyberBerkut’ returns to public light with allegations against Clinton

A Twitter account tied to a group that the Defense Intelligence Agency recently described as “Russian hackers … supporting Russia’s military operations” returned to the spotlight Wednesday by posting a message that alleges Ukrainian government officials and businessmen laundered money and sent it to Hillary Clinton by making donations to the Clinton Foundation. […] “CyberBerkut employs a range of both technical and propaganda attacks, consistent with the Russian concept of ‘information confrontation,’” the agency notes.

“It’s impossible to get valuable information about an underground community without a deep understanding of the region and of the cybercriminals’ motives, psychology, and language,” Dmitry Volkov, Co-Founder of Group-IB said in a statement. Intelligence on Russian hackers is sourced from underground communities. Data includes patterns of behavior, motives, methods and techniques. Group-IB said this unique information allows cybersecurity professionals to build more effective defense strategies.

Alarmism may not be productive, but states do have reason to worry. Local officials, though, have bristled at the Department of Homeland Security’s move to designate election systems as “critical infrastructure,” a move designed to unlock resources for system defense upgrades and improve state–federal communication. Everyone agrees that security matters; how to get there is another matter entirely.

“Whereas cyber was a sort of discrete topic back in, say, 2005 that had a lot of attention,” said Wray, “now in 2017 cyber in many ways permeates every aspect of national security, of the intelligence community, of every type of criminal conduct we deal with. It’s become part of the fabric both of our security but also the threats to our security.” […] “As much as everybody is talking about the threats,” he said, “I have the sense that we are just scratching the surface of how grave the threats really are, or at least how grave the threats are about to be before we blink and wake up.”

“HighRise acts as an SMS proxy that provides greater separation between devices in the field (“targets”) and the listening post (LP) by proxying “incoming” and “outgoing” SMS messages to an Internet LP. Highrise provides a communications channel between the HighRise field operator and the LP with a TLS/SSL secured internet communication.” It is unclear why the password was chosen as “Inshallah”, which is a term Muslims around the world freely use. One reason could be that the app was developed to target Arabs or Muslims in general.

Given that the likelihood of attack is growing each day, it is essential that this sort of insurance cover should be an integral part of any risk management plan. A structured and well thought out risk management plan orders the organisation’s thinking about how risk should be handled. The choices are relatively simple. Risk can be ignored, avoided, controlled or transferred. Cyber liability is an example of how risk can be transferred to a third party.

There’s no sugarcoating the reality: Net neutrality advocates know they face an uphill battle. That’s because their primary adversary, Republican Federal Communications Commission chief Ajit Pai, who is not an elected official and is therefore not directly accountable to voters, appears to be hell-bent on rolling back the agency’s open internet rules. Pai, a former Verizon lawyer and longtime FCC official who was chosen by Trump to lead the agency in January, has made dismantling the Obama-era net neutrality protections a top priority.

More than 750 domain names were hijacked through the internet’s own systems, registrar Gandi has admitted. Late last week, an unknown individual managed to get hold of the company’s login to one of its technical providers, which then connects to no fewer than 27 other top-level domains, including .asia, .au, .ch, .jp and .se. Using that login, the attacker managed to change the domain details on the official nameservers for 751 domains on a range of top-level domains, and redirect them all to a specific website serving up malware.

In the tutorials, it is indicated that the Rodeo browser is essentially a Tor Browser which is tweaked exclusively to allow access to the dark web marketplace. Although it is purported to be a Tor browser, it is, however, nothing like that and simply imitates the UI of the Tor browser. […] Once the marketplace is loaded, users are asked to create an account in order to make purchases. However, the orders placed are simply meant to fool the users as the products do not get delivered. Nevertheless, the users have to pay in bitcoins to make a purchase.

The example used by Malwarebytes recently found a banking trojan that, once installed on the victim’s machine, downloaded FFmpeg, a free software that produces libraries and programs for handling multimedia data. This ability, along with several others already included in the malware, allows the hacker to not only grab screenshots, but full video of the victim’s computer.

The flaw could be used for credential theft and remote privilege escalation, though to exploit it, an attacker would have to have network access. “The attacker needs to be on the network and to have control over a service principal that the client could communicate with,” said Altman in a phone interview with The Register. “As far as we know there are no exploits in the wild. But it certainly is exploitable and we consider it to be very serious.”

One vulnerability includes unprotected Lightweight Directory Access Protocol (LDAP) from NTLM relay, and the second discovery impacts Remote Desktop Protocol (RDP) Restricted-Admin mode. The identified vulnerabilities can result in unauthorised credential use, risk of password cracking and potentially domain compromise. […] “As a result, every connection to an infected machine (SMB, WMI, SQL, HTTP) with a domain admin would result in the attacker creating a domain admin account and getting full control over the attacked network.”


About Critical Informatics

We are world-class information security professionals providing Managed Detection and Response services to help you be secure, compliant, and resilient against threats to the life safety, life-sustaining, and quality-of-life systems and services you provide to clients, customers, constituents, and communities.